From a3855dfcd3baa9ff619a12dd08d3bbce57475a3e Mon Sep 17 00:00:00 2001
From: bikubi
Date: Thu, 19 May 2022 19:21:16 +0200
Subject: [PATCH] re-fix zip traversal vuln, path discrepancy /data/data/foo vs /data/user/0/foo, as suggested by @jcperuffo in https://github.com/MobileChromeApps/cordova-plugin-zip/pull/92#issuecomment-1083762452
---
 src/android/Zip.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/android/Zip.java b/src/android/Zip.java
index 7afe3103..e4c18a9d 100644
--- a/src/android/Zip.java
+++ b/src/android/Zip.java
@@ -127,7 +127,8 @@ private void unzipSync(CordovaArgs args, CallbackContext callbackContext) {
 } else {
 File file = new File(outputDirectory + compressedName);
 String canonicalPath = file.getCanonicalPath();
- if (!canonicalPath.startsWith(outputDirectory)) {
+ String absolutePath = file.getAbsolutePath();
+ if (!canonicalPath.startsWith(outputDirectory) && !absolutePath.startsWith(outputDirectory)) {
 String errorMessage = "Zip traversal security error";
 callbackContext.error(errorMessage);
 Log.e(LOG_TAG, errorMessage);
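Review bot: The added `&& !absolutePath.startsWith(outputDirectory)` in unzipSync appears to disable the traversal check rather than relax it: `getAbsolutePath()` does not resolve `..` segments, so for an absolute `outputDirectory` the string `outputDirectory + compressedName` always starts with `outputDirectory`, the second operand is always false, and no entry is rejected. The /data/data vs /data/user/0 discrepancy the commit targets is better handled by canonicalising both sides: `String canonicalOutput = new File(outputDirectory).getCanonicalPath();` followed by `if (!canonicalPath.startsWith(canonicalOutput + File.separator)) {`. The appended separator also keeps a sibling directory whose name merely begins with the output directory's name from passing the prefix test. unzipSync's body starts and ends outside the hunk, so how `outputDirectory` is built (absolute, trailing separator) is inferred from the concatenation and should be confirmed.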